Re: Install OpenBSD without physical access
Jona Joachim wrote: Hi! I was wondering if anybody had any experience with installing OpenBSD on a remote system without physical access to the machine. I have a virtual server in Germany which runs Debian Etch and I'm pretty fed up with it and I want to install OpenBSD on it. This is a virtual server which runs under a Virtuozzo environment. I can boot it with a Linux live system. My idea was to set up an OpenBSD system at home, dump it, upload the image to the server and restore the image to the hard drive using the live system. I don't know how to install the boot loader yet. This server is just a free time project of me and a friend of mine so it's not so important if it's down for some time. If anything goes wrong I can restore the original Debian system or boot it with a live system. I'm pretty sure Virtuozzo/OpenVZ only support Linux, and not *BSD virtual machines. Best regards, Jona Joachim -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: Install OpenBSD without physical access
Jona Joachim wrote: I'm pretty sure Virtuozzo/OpenVZ only support Linux, and not *BSD virtual machines. Oh, that would be really sad. The guy from the support told us you can run almost anything on it when we called several months ago. I does support Windows but that's not much of a surprise. We're going to call tomorrow and see what they answer. I hope the answer will not be What is BSD?. http://en.wikipedia.org/wiki/Virtuozzo#Comparison_to_other_technologies http://wiki.openvz.org/Introduction_to_virtualization Regards, Jona -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: alternatives to sendmail
Douglas Allan Tutty wrote: Hello, However, sendmail is a very steep and tall learning curve. I'm coming from Debian (which no longer installes with 32 MB ram) so I'm used to exim. I know that exim is GPL. I'm wondering if there are other BSD-licensed MTAs. I'm sure to stir up a firestorm of philosophical, license and ideological controversy, but I run qmail on all of my mail servers, and it has been one of the most solid and problem-free mail subsystems I've ever used. My mail servers are all (Debian and Slackware) Linux though, only my firewalls are OpenBSD. I've never personally installed qmail on OBSD, but it apparently can be done, judging by web traffic: http://www.google.com/search?q=qmail+openbsdie=utf-8oe=utf-8aq=trls=org.mozilla:en-US:officialclient=firefox-a Qmail is definitely not BSD-licensed, and this bothers some people. Qmail's license is odd. You can redistribute only plain vanilla qmail source, any changes you make can only be published as patches. This may offend some, and that's that. Nonetheless, I find mail administration with qmail to be so much better than I'm willing to deal with it. Thanks, Doug. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: Sangoma S518 PCI ADSL Modem
christian johansson wrote: After reading all responses to my previous post (thanks guys!), I think its pretty clear I was barking up the wrong tree, not looking at the ready built soekrises :) So on to my next question, what to use for an internal dsl card. After googling around, it seems clear there are no modern / reliable mini-pci dsl modem cards, but there are some PCI ones. The preferred one seems to be the Sangoma S518 PCI ADSL Modem. I've read both that this card does not work in openbsd any longer (ever since they changed the form factor in the latest revision) but others say it does too work. Does anyone here know for sure if this internal dsl modem card works in openbsd? I read posts from one guy who claimed he had put it in a soekris net4801, so assuming he was using an adapter, does anyone know here if this is a safe approach? Can the soekris deliver enough power through the mini-pci bus? I realize doing this would require modding the soekris box, but thats ok. Some other guy said in a post that internal dsl cards are like winmodems, shoving most of the work over to the host machine. Is this true? For a card going for over $100 this seems pretty strange. There is much confusion. I own this card. In the new form factor (identical, electrically to the old) it is a half-height PCI card, which ought to work in a Soekris. I use it in a 2U rack system, so I don't know for sure. The driver will compile (or at least on 3.9 it did) and try to run. I was never able to resolve an authentication problem I had under OBSD. It may have been a problem specific to my site/ISP. I was able to use it successfully under Linux using the userspace PPPd with the 518 card acting like a dumb DSL modem spouting serial PPP data to a pseudo-TTY. This is how I use it today, though I prefer OBSD for firewall/router use. The OBSD S518 driver doesn't offer the dumb serial mode that the Linux version does, so I wasn't able to use this workaround. I think the hardware is excellent, and I am thrilled at the support of open source OSes. Unfortunately, market demands do not allow Sangoma to officially support the S518 under OBSD anymore. Unofficially, they still offer it on their web site, and have accepted and integrated patches from the community. I don't know if anyone else has been pursuing this since I had to abandon the work and let my router run Linux. I think the Sangoma card is one of the best out there, and I'd like to see it supported better. The driver is open source, and there is an (old) version of it integrated into the OBSD kernel. I doubt this old driver is something you want to mess with though. There is some sort of special-purpose processor on the card (in a big FPGA), and it does some of the work. Some of the protocol work is done in the driver itself, and not all of the internal code is accessible through open source. I don't have a problem with that, as long as it works. I'd like to talk/work with other S518 owners to see if we can't do a better job of making this device accessible under OBSD. The manufacturer has been very open with info and code, but can't justify their own guys doing much debugging on it anymore. The advantages of having your DSL manifest as an interface directly on your router (without the extra hop) are enormous, from a traffic shaping perspective, so I highly recommend the Sangoma card for this purpose. Christian -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: Google's Perftools and tcmalloc - Worth the risk?
Tobias Weingartner wrote: In article [EMAIL PROTECTED], Richard Wilson wrote: I dunno. Am I being overly paranoid, or should I stick with nice dependable old-fashioned malloc? I usually take dependable and slightly slower over faster and nastier any day. Especially if it's fast enough. Optimally, you could switch between allocators as a compile-time define. Use a tougher allocator for debugging and stress testing. Use a lighter, faster one in situations where you are confident that the code is solid and needs speed more than bullet-resistance. In a perfect world, you would always have enough power to run the bulletproof allocator. In the real world, that might mean 25% (statistic chosen randomly) more server farm horsepower. Good, fast, cheap. Pick any two. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: VOIP NAT
Brian Candler wrote: What, specifically is your issue? One huge issue has to do with pf and SIP protocol design. SIP signaling messages go over a well-known port (5060/tcp), but the media traffic (the actual voice packets) go over some random port negotiated during call setup. I believe that what you describe is what my VOIP provider (teliax.com, fwiw) does on their Asterisk box. It works great, and we (the customers) don't have to do any funny NAT config, just the stock configuration works great. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: VOIP NAT
Bob DeBolt wrote: I have been trying numerous configs trying to out smart the inability of VOIP to transfer to UDP encapsulated RTP. A very common problem as anyone who deals with NAT and VOIP knows. Hmm. Maybe not. I use VOIP behind NAT (Sipura and Grandstream phones talking to an off-site Asterisk server) without any problems. I was using an OBSD PF firewall. It's booted into Linux right now due to driver problems with my ADSL NIC, but it the VOIP part worked fine under either OS/firewall. What, specifically is your issue? -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: Jacek Artymiak
Henning Brauer wrote: * Siju George [EMAIL PROTECTED] [2006-11-28 17:56]: If anyone is in touch with Jacek Artymiak ( the PF book author ) or know anything about his health Please let me know. apparently he's fine, mailed me a few days ago Tell him we're all eagerly awaiting an updated printing of his book. ;) -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: Further: Debugging printfs in OpenBSD lkm module
Chris 'Xenon' Hanson wrote: I think I can sort out the problem if I can just get a few debug printfs to spit out some bits of info at certain times. But, I'm not an experienced BSD kernel guy and I've been unsuccessful in doing so. Is this the wrong list to be asking this sort of stuff on? I'm racking my brains trying to figure out how to get the driver to tell me what's failing. Maybe blip out morse code in the PC speaker? I'm just not familiar with the restrictions and capabilities available to me when working inside a kernel device driver. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Further: Debugging printfs in OpenBSD lkm module
Ok, I'm still trying to get some protocol debugging done in Sangoma's PPP implementation for their excellent S518 ADSL card. I have it working under Linux, but something minor but critical seems to be failing under OpenBSD, because they internal PPP never accepts the LCP options offered by my ISP. I think I can sort out the problem if I can just get a few debug printfs to spit out some bits of info at certain times. But, I'm not an experienced BSD kernel guy and I've been unsuccessful in doing so. The driver is compiled to be an lkm, so it sort of links during driver load-time. I've tried including syslog.h and using the syslog() call, but at driver load time it complains about modload not being able to load the module because of the reference to syslog. I tried printf(), which compiled, loaded and ran fine, but I couldn't find anywhere that the text came out. Not on the console, or any logs I could see. Can someone tell me a drop-dead simple way to blast out a few strings from within a loadable kernel module that's guaranteed to be n00b-proof? Thanks in advance. I'm really hoping to switch my router/firewall back to booting OBSD. It's all ready to go, but I have to boot the Linux install because I can't get this silly PPP stack debugged. Alternately, any other recommendations for how to debug are welcomed. I only have one OpenBSD machine to play with, so I don't know how I would do any remote debugging or anything. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: [unclassified] Re: uEagle DSL chipset
Craig Skinner wrote: On Mon, Aug 14, 2006 at 10:48:55PM -0400, Chris Zakelj wrote: PPPoA is in some ways, preferable, since you don't have the MTU issue of PPPoE. Much better. It is helpful to include such details ;) I didn't think it was important, since I wasn't asking for help. I'm just saying, I use a Sangoma card, and I've gotten it sort of working. I'll supply more info when I have real success to report. At the office where I worked roughly three years ago, we had a setup where the external modem handled all the PPPoA aspects, but transparently handed off the public IP address and forwarded all ports to the oBSD firewall I had set up. Unfortunately, I forget the name of the company that made it, but it did work quite well, and didn't require any kind of extra configuration on the firewall itself. How it did that, though, I haven't a clue. I used to have a DLink 300T that done this, think it was some sort of half-bridge, if there is such a thing. The routable WAN IP was passed though to the NIC, but I could still telnet/web to it on a private address from the same NIC - all done with DHCP. I've heard of devices that do this. I had been using a Cisco 678, which, while it's a good piece of gear, it doesn't do half-bridging, and I also ran into a lot of weirdness from having another black box network device in the data stream. I resolved to try to minimize the amount of closed-source magic that was involved in my network. Too many issues were difficult to troubleshoot and resolve because we couldn't peek inside what the black box was doing, so I wanted to get away from those types of architectures. Having an extra hop like that also makes it more difficult to do traffic shaping, which is one of my primary requirements. If I can get the Sangoma card working 100%, it should be the best possible configuration as far as transparency and control goes. More news as events warrant. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: uEagle DSL chipset
Will Hoskins wrote: I was overjoyed when this chipset was supported in 3.8. At last, I thought, consumer level DSL equipment which will show up as an interface instead of some dodgy ppp tun0 nonsense. So then, my obsd sweethearts, do you ever drop support for vapourware drivers or will this be forever immortalized in your CVS repository (neatly avoided the temptation to put suppository). Bummer. I went with a Sangoma S518 card for similar reasons. I've beaten them into bringing their OBSD driver up to date, but I still am having trouble with it. It doesn't agree with my ISP's PAP login. I don't know of any better DSL interface drivers, unfortunately. Your faithful servant, Will -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: uEagle DSL chipset
Chris Zakelj wrote: Why not just a plain old DSL/10BaseT bridge and pppoe(8)? I agree that it'd be great to have hardware plugged comfortably inside the system and one less piece hanging off the power strip, but canacar@ and crew have done an incredible job on it, to the point where even my old i486/33 with a pair of ep(4) cards can handle residential (384/1.5 tested) DSL. My ISP uses PPPoA rather than PPPoE. PPPoA is in some ways, preferable, since you don't have the MTU issue of PPPoE. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: one drive in a raid 0 failed, can I save any data?
Shane J Pearson wrote: What I did in that case, was image with Ghost and when the drive spins-down, pull the power plug on the drive alone, then plug it back in to get a few more minutes of copying. Keep doing that until the whole drive is imaged. Thankfully, this worked perfectly for me. Another thing I have seen successfully done when a drive would not spin-up at all, was a PCB swap from an exact same drive (model/firmware). If you try this, image the drive and then restore to another disk. Since when I saw this done, the newly fixed drive with different PCB died only days later in the same way. As if something inside the drive killed something on the outer PCB. I have done both of these things in the past, when desperate, with some success. I've also sent a super-critical drive out to drivesavers (I think it was them) and they saved it, but it was mucho $. It all depends on how much you need it. Also, look into RAID _5_ in the future. And a final note of wisdom -- SMART monitoring is your friend. Use it. Check it weekly on every system you own. I saved a lot of hassle when one drive in my (Linux) file server's RAID 5 told me one day Failure Imminent. I overnighted the exact same model ans swapped it out the next day, preventing a lot of headache. Shane -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: Storage container for servers switches
Phusion wrote: I will be moving some servers and switches in the near future. The computer equipment is all rack-mountable so it's 1U and 2U. I was wondering if anyone could recommend storage containers for this type of computer equipment. Let me know if you have any ideas. Thanks. You can buy roadie cases with standard rack rails from musician supply stores and catalogs. They're basically portable, armored racks. Dunno how it fits with your budget, but if it can help digital music gear survive a concert tour, it is probably good for your servers. Phusion -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: When would you NOT use OpenBSD?
I run OpenBSD for almost anything that is exposed to insecure digital spaces, like the Internet, that needs to be seriously hardened. I run and Linux (or god forbid, Windows) on servers that can be a little soft because they are only exposed to trusted access. My company's main websites are run on hosted servers that we don't directly control the OS of. I believe they are running on Debian 3.1 GNU/Linux systems, and I am satisfied with the expertise of those responsible for running them, so it's not my issue. My router/firewall/VPN box is OpenBSD. It is the gateway to all the soft bits on my intranet. The intranet server runs Linux (Slackware), for multiple reasons. Generally you have a wider applications base and possibly easier access to more modern versions of tools, and more people who have expertise to draw upon. Also, there are some performance reasons, it being an SMP machine. There are two exceptions to the hard/soft rule. There are two tunnels through the hardened OBSD gateway into soft Linux servers: Mail and DMZ HTTP. For architectural reasons, my SMTP server runs on the soft Linux intranet server. However, I run qmail, a piece of software written by someone who is equally concerned about code quality and security as the OpenBSD team themselves. I am generally confident that exposing access to qmail on a soft Linux system is not a point of failure. If an exploit were found in qmail, I would need to move quickly to resolve it since Linux does not have nearly as much exploit-prevention architecture as OpenBSD. The second soft hole is access to a Linux-based low-load webserver running in my network DMZ. I chose Linux here to have wider access to more modern webserver software and applications. Due to the higher potential for exploitation, this machine is walled off into a DMZ with no access to the Intranet. It is remotely backed up by a revision tracking system on a daily basis so that it can be rebuilt or rolled back to a known good state if it is compromised. There are a couple of Windows remote-desktop machines and an ancient Windows fax server lurking in the intranet zone, but they aren't allowed to speak to the outside world except via secure VPN connections established and controlled by the OpenBSD gateway. Use systems of trusted security (OpenBSD and/or qmail) whenever compromise would be expensive. Allow less hardened systems only where compromise is not likely (intranet), or not costly (DMZ). -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: When would you NOT use OpenBSD?
Hannah Schroeter wrote: IIRC there're consultants offering commercial services around OpenBSD, too. So you could've hired one to fix the Broadcom problem of yours, just like you paid for Nortel's on-site troubleshooting. Not to inflame the issue, but this isn't as solid of an argument as it appears. Knowing in advance whether you'll be able to find a consultant who knows enough about your problem to fix it is very tenuous. I'm not saying vendor support is always reliable either, but generally a commercial vendor is expected to understand the depths of their own product. If one could guarantee that the person who wrote the problematic code were always available as a consultant, the analogy might be closer, but frequently that's not the case. Even a commercialized open source OS like Red Hat Linux is going to face this issue. Then again, OpenBSD is free. No one expects it to be exactly like commercial software, and it has a lot of benefits that commercial software won't. Choose the tool that best fits the requirements. Dan Kind regards, Hannah. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: ADSL with pppoa (over ATM)
mike wrote: http://www.patton.com/support/faqs_detail.asp?id=142 http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware I was mistaken, my VPI=0, VCI=35 per my ISP. Note that this is in Wisconsin, USA, so the above link's table is not quite correct, as it lists the USA's VPI as 8, which also was the modem's default. VPI/VCI numbers vary all over the US, so that table is about worthless. Here in Colorado, on Qwest, I believe we are 0,32. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: ADSL with pppoa (over ATM)
Luca Losio wrote: Hi, I read the faq searching for info about pppoa (http://www.openbsd.org/faq/faq6.html) : The main software interface to PPPoE/PPPoA on OpenBSD is pppoe(8), which is a userland implementation (in much the same way that we described ppp(8), above) but I can't figure out how to configure it for a ppp over ATM connection. Anyone can help? I don't want to have a double NAT, one from the adsl modem and one from the OpenBSD gateway... First, what kind of ADSL modem do you have? thanks -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: Low-cost 1U server
Andrew Ng wrote: Hi, from previous threads in this list, I gathered that the Dell PowerEdge SC1425 works well with OpenBSD 3.8. However, I have reservations from past experience with Dell's customer support, hope anyone can recommend an equivalent low-cost system with the following minimum requirements - 1) Form factor - 1U 2) CPU - Pentium 2GHz(non-Celeron) 3) 512MB RAM 4) Internal disk storage expandability 5) OS - OpenBSD 3.8 or higher 6) 2 Ethernet interfaces 7) Max US$1200 per unit I don't own one, but I've been looking at the Cybertron white-box 1U rackmount servers that TigerDirect is selling: http://www.tigerdirect.com/applications/searchtools/search.asp?mnf=1462 Looks like this item: http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1649717CatId=1205 Cybertron Pentium 4 511 2.8GHz 1U Rackmount Server / 1024MB DDRII / 2x 160GB Hard Drives / RAID / Dual Gigabit LAN. This cost-effective, high performance server is the ideal platform for small-business, e-commerce, or any entry-level server needs. $1199. Meets your requirements. I think there are lower-cost models that still meet your requirements too. TigerDirect is a pretty big outfit, and should be able to handle orders internationally. I can't speak for OpenBSD support on them, but they look like pretty generic safe hardware. Would love to hear what you find. Regards Andrew Ng -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: OBSD 3.8: bash, libiconv, libintl in rc.securelevel
yary wrote: On 3/7/06, Chris 'Xenon' Hanson [EMAIL PROTECTED] wrote: yary wrote: Pardon me for giving what may be a naive answer, but how about putting /usr/local/lib into the LD_LIBRARY_PATH env variable before starting the wanrouter script? It's an obvious answer, but I figured there must be a good reason (security?) that /usr/local/lib _isn't_ in the LD_LIBRARY_PATH at that stage, and it didn't seem like a good idea for an installer to tamper with the system's LD_LIBRARY_PATH. Partly I'm looking for insight as to why it is the way it is currently. I can see it being a security thing, but you only have to set that environment variable for the subshell that's starting the wanrouter, not for the whole system at that stage of boot. This seems to work for /bin/sh: $ (export fff=rrr echo $fff) rrr $ echo $fff $ You have to trust /usr/local enough to run the port/package in the first place... so try launching wanrouter with (export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib /bin/bash /usr/local/bin/wanrouter) - your startup script will add the local libs to its search path but the rest of that bootup stage won't. And if that's incorrect someone will surely point out the error of my ways! I think you make a good point. That should be safe to do, and will allow us to not have to mess with the static bash package, which will allow the installer to use the more generalized pkg_add that will adapt to platform and OS version. Thanks everyone! -y -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: OBSD 3.8: bash, libiconv, libintl in rc.securelevel
Otto Moerbeek wrote: On Wed, 8 Mar 2006, Chris 'Xenon' Hanson wrote: Thanks everyone! Leaves me wondering why you cannot use ksh to run the script. Are you running into a ksh bug or a bash specific feature? I honestly don't know, I didn't write the script, Sangoma did. It calls for bash, and I assume they know why. -Otto -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
OBSD 3.8: bash, libiconv, libintl in rc.securelevel
I'm working on getting the Sangoma WANPIPE driver working under OpenBSD 3.8 (mostly working) and ran into a couple of little problems that I'm trying to find the right way to solve. The preferred setup is to run their wanrouter bash script in the rc.securelevel script, to load the driver module before securelevel is raised to where module loading is no longer permitted. So, the wanrouter script requires bash, which in turn requires libiconv and libintl. Libiconv and libintl normally install into /usr/local/lib, where bash finds them just fine once the system is fully booted. But, it seems that running the wanrouter bash script from rc.securelevel fails because at that point bash can't find libiconv and libintl. I presume that /usr/local/lib is not in the lib search path at that point. My hack solution was to symlink both libiconv and libintl into /usr/lib, which does seem to be in the lib search path at that point, but that seems like a poor solution. If I need to run the wanrouter bash script from rc.securelevel, what is the proper way to ensure bash finds the pieces it needs to run? I'd like to advise Sangoma on how to adjust their install script so that it works right every time without the user having to know what paths to hack. Thanks in advance for any advice. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: OBSD 3.8: bash, libiconv, libintl in rc.securelevel
Chris 'Xenon' Hanson wrote: My hack solution was to symlink both libiconv and libintl into /usr/lib, which does seem to be in the lib search path at that point, but that seems like a poor solution. While poking around, I see that there is a package for a static version of bash: ftp://ftp.openbsd.org//pub/OpenBSD/3.8/packages/i386/bash-3.0.16p1-static.tgz I'm guessing this would solve the problem. But, it raises a couple of other questions: 1. If the user already has non-static bash installed, will installing this package cause problems, or will it require that the non-static package be removed first? 2. For an automated installer, how would the installer know where to get the proper package? The URL above works for 3.8, but will be wrong for 3.9. Is there an environment variable or string that the installer can expand to get the 3.8 or 3.9 portion of the URL? And then, how does it figure out the exact package filename for the static version of bash for a OS release it's never seen before? Without a heavy-duty web search,how would it know that the 3.8 static release of bash was named bash-3.0.16p1-static.tgz? It'd be nice if the script doesn't immediately break and need updating when 3.9 comes out. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: OBSD 3.8: bash, libiconv, libintl in rc.securelevel
yary wrote: Pardon me for giving what may be a naive answer, but how about putting /usr/local/lib into the LD_LIBRARY_PATH env variable before starting the wanrouter script? It's an obvious answer, but I figured there must be a good reason (security?) that /usr/local/lib _isn't_ in the LD_LIBRARY_PATH at that stage, and it didn't seem like a good idea for an installer to tamper with the system's LD_LIBRARY_PATH. Partly I'm looking for insight as to why it is the way it is currently. -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.
Re: ADSL modem intern
Kevin wrote: I'm in the same boat. Actually, I don't really need an internal ADSL modem per se, primarily I just need a managed ADSL device from which I can automatically obtain line quality and carrier loss information via SNMP or a serial port or some other OpenBSD-compatible mechanism. I had one of the little Cisco ADSL external bridges (675?), but it eventually melted down and just stopped working entirely. I have a great little Cisco 678 that I'm using now, and won't need once I get the Sangoma card working. It has nice SNMP support, but it's not fully compatible with the Alcatel DSLAM at my current location, so I don't get full up/down bandwidth anymore. :( Thanks, Kevin -- Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/ I set the wheels in motion, turn up all the machines, activate the programs, and run behind the scenes. I set the clouds in motion, turn up light and sound, activate the window, and watch the world go 'round. -Prime Mover, Rush.